Securing the TMP Directory
Enterprise security policies often require mounting the /tmp directory with the no execution (noexec) flag.
By default, Cassandra Java Native Access (JNA) is mapped to /tmp;
JNA requires an executable directory to start.
Remap JNA to a different (executable) directory and change permissions to allow full access to the user that runs the DSE service.
There are three files that control Java Virtual Machine options:
-
jvm-server.options: options independent of any particular JVM -
jvm8-server.options: options particular to JVM 8 -
jvm11-server.options: options particular to JVM 11
Filename |
Location dependent on the type of installation |
|---|---|
jvm[8 | 11] -server.options |
Package installations: Tarball installations:
|
Procedure
-
Create a directory and grant full access to the Cassandra user.
-
Map the JNA temporary directory; in jvm-server.options file, add the following flag with the path to the new directory:
-Djna.tmpdir=<JNA_startup_directory>
-
If DataStax Enterprise fails to start because the JNA startup directory is not available, the following error may appear in the system log:
tail -3 /var/log/cassandra/system.logThe error is similar to:
ERROR main 2015-12-18 09:57:00,879 CassandraDaemon.java:213 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so. INFO Thread-2 2015-12-18 09:57:00,880 DseDaemon.java:418 - DSE shutting down... INFO Thread-2 2015-12-18 09:57:00,881 PluginManager.java:103 - All plugins are stopped.
